PHP 4.4.2 and SSL
I know it’s been a while since PHP 4.4.2 came out but I needed something to write about, so anyway… there is a major bug in the way PHP handles sockets & streams via SSL, as in, it don’t work anymore. This makes me and my clients sad. If you don’t have a working CURL with SSL compiled in, you’re basically screwed. Right, Verio?
So suppose you have a script that does a get_file_contents() on a page with https enabled, for instance, if you have to pass credentials in order to access the page. As far as I can tell, you’re buggered. I can’t even use sockets to do it, as the user post on php.net suggests.
Luckily, my pages didn’t require https after all as they were only occurring on localhost. How secure this is in a shared environment depends on how likely it is that a user can break chroot and get a sniffer on the network layer. I suppose the chain is only as strong as its weakest link, at any rate.
A Clockwork Noodle 
Leave a comment